!!! 5
%html{lang: "en"}
  %head
    %meta{charset: "utf-8"}
    %title About DNSCrypt-OSXClient
    :sass
      body
        font:
          family: arial, helvetica, sans-serif
        margin: 0
      h1
        margin: 0
  %body
    %h1 About DNSCrypt-OSXClient
    %p
      This software encrypts and authenticates DNS packets between your computer
      and a DNS resolver using DNSCrypt.
    %p
      Tips:
      %ul
        %li
          If you have a firewall, open TCP and UDP ports 53, 54, 443
          and 1053. These are the most common ports used for DNSCrypt.
        %li
          The "Automatically disable if blocked" feature automatically disables
          DNSCrypt when DNS queries are not able to reach the DNSCrypt
          resolver. This can
          happen on public WiFi networks that require going through a captive
          portal before you can access external networks.
          This function is only provided for conveniency.
          When enabled, the protocol can be easily downgraded by
          third-parties. In other words, when the "Automatically
          disable if blocked" feature is enabled, this software doesn't
          provide any security at all against active attackers, but it can
          still be useful against passive attackers and in order to bypass
          DNS censorship. Don't enable it unless you are frequently
          roaming and you don't want to manually disable/enable DNSCrypt.
        %li
          Using Little Snitch? There are a few rules you need to establish,
          which Little Snitch should prompt for when trying to
          activate this application:
          %ol
            %li Allow any outgoing connection for system processes (dnscrypt-proxy)
            %li Allow any incoming connection for system process (dnscrypt-proxy)
            %li Allow any outgoing connection for system processes (dig)
            %li Allow outgoing TCP connections to port 80 (http) of www.apple.com for system process (curl)
            %li For automatic updates, allow outgoing TCP connections to port 80 (http) of updates.dnscrypt.org and to port 443 (https) of github.com for system process (curl)
          (Thanks to @cavemandaveman and @TraderStf)
